What is a Claude Code plugin?

A Claude Code plugin is an installable package that can bundle commands, skills, subagents, hooks, MCP servers, LSP servers, and configuration so Claude Code can work with a specific workflow or toolchain.

Are Claude Code plugins safe to install?

Some plugins are safer than others. Treat every plugin as executable workflow code: inspect its repository, permissions, hooks, MCP servers, update behavior, and maintainer before enabling it on real projects.

Should I install a plugin, a skill, or an MCP server?

Install a plugin when you want a packaged workflow. Use a skill when you mainly need instructions and reusable procedures. Use an MCP server when Claude needs access to an external system or tool.

Claude Code Plugins: Marketplace, Install Commands, Safety Checklist

The practical answer

Claude Code plugins are useful because they turn repeated development workflows into installable packages. Instead of copying a command, a skill, a subagent prompt, an MCP configuration, and a set of hooks into every project by hand, a plugin can bundle those pieces together and expose them through Claude Code. That makes plugins attractive for teams that want repeatable code review, frontend work, security review, documentation, pull request workflows, language-server support, or integrations with systems such as GitHub and internal tools.

The same packaging is also why plugins deserve a safety check. A plugin is not just a blog post or a passive prompt. Depending on what it contains, it may add commands, start subprocesses, connect to MCP servers, use language servers, run hooks, read files, write files, or rely on third-party code that changes over time. The safest way to think about plugins is this: install them like developer tooling, not like browser bookmarks. If you would not blindly install a random GitHub Action, shell script, VS Code extension, or npm package into a work repository, do not blindly install a Claude Code plugin either.

This page is an independent guide for the keyword cluster around Claude Code plugins, plugin marketplace, plugin list, skills, MCP servers, and best plugins. It is not affiliated with Anthropic or Claude. Use it to decide what to inspect before you install, then confirm details in the official Claude Code documentation, the plugin repository, and your own local Claude Code environment.

How to find and install Claude Code plugins

Job	Where to start	Command or action	What to verify
Browse official plugins	Claude Code plugin UI or official docs	`/plugin`, then use the Discover tab	Plugin name, maintainer, repository, permissions, and last update.
Install from official marketplace	`claude-plugins-official`	`/plugin install github@claude-plugins-official`	Whether it is Anthropic-managed, partner-maintained, or community-maintained.
Refresh marketplace data	Installed marketplace cache	`/plugin marketplace update claude-plugins-official`	Whether a failed install is caused by stale local marketplace metadata.
Add another marketplace	A trusted GitHub repository with marketplace metadata	`/plugin marketplace add owner/repo`	Who controls the repository and how plugins are reviewed before publication.
Test a local plugin	Your own plugin directory	Run Claude Code with the local plugin directory enabled	Manifest fields, local paths, hooks, dependency behavior, and cache writes.

Command availability depends on your Claude Code version. If you do not see plugin commands, update Claude Code and recheck the official docs.

Plugin

Use a plugin when you want a packaged workflow

A plugin is the right shape when the workflow needs more than one component. For example, a pull request review plugin may include a command, a review-oriented agent, repository guidance, hooks, and supporting checks. A frontend plugin may include a design skill, a screenshot workflow, and browser testing guidance. A GitHub plugin may include commands plus an MCP server connection. Packaging keeps the workflow consistent across machines and projects.

Skill

Use a skill when instructions are the main asset

A skill is usually lighter. It tells the agent how to handle a task, what references to use, and which scripts or templates belong to the workflow. Skills are good for repeatable judgment: SEO checks, frontend design rules, code review style, data cleanup, document generation, or deployment procedures. If the workflow does not need external tools or runtime hooks, a skill can be easier to audit than a plugin.

MCP server

Use MCP when Claude needs a tool boundary

An MCP server gives Claude access to external capabilities through a defined protocol. That can be a browser, database, issue tracker, search API, cloud account, or internal tool. The upside is clear separation between the agent and the tool. The downside is that MCP servers often carry real permissions, credentials, and data access. Audit them like production integrations.

Hook

Treat hooks as automation with real side effects

Hooks can make Claude Code more useful by running checks or enforcing policy at the right time. They can also surprise you if they call scripts, change files, open browsers, send data, or create persistent state. Hooks are the part of a plugin you should read before any work repository sees the plugin. If the hook behavior is unclear, install in a disposable sandbox first.

Safety checklist before installing a Claude Code plugin

Check	Why it matters	Green signal	Red signal
Maintainer identity	Plugins can influence your coding workflow and may run supporting code.	Known organization, clear repository, visible issue history.	Anonymous repo, no history, unclear ownership, copied name.
Plugin manifest	The manifest describes what the plugin declares and depends on.	Readable name, version, homepage, components, and dependencies.	Obfuscated paths, broad dependencies, missing homepage, vague purpose.
Hooks and scripts	Hooks can run local automation and create side effects.	Short scripts, documented purpose, no network calls unless expected.	Downloads code at runtime, opens apps unexpectedly, writes outside project.
MCP/LSP components	Tool servers can expose files, credentials, APIs, or language intelligence.	Explicit scopes and local-only behavior where possible.	Requires broad tokens, cloud credentials, or unknown remote services.
Update behavior	A safe plugin today can change after an update.	Tagged releases, changelog, pinned dependencies.	Auto-update from moving branches with no review trail.
Project fit	Too many plugins can increase context noise and tool confusion.	One plugin solves one recurring workflow you actually use.	All-in-one bundle that activates many agents and hooks by default.

Which plugins are worth installing first?

Most developers should not start by installing every popular plugin. Start with the workflow that currently costs you the most time. If you constantly review pull requests, start with a PR review or code review workflow. If Claude wastes tokens searching a large repository, start with a code-indexing or language-server workflow. If you forget project rules, start with a skill or plugin that standardizes repository instructions. If you work inside GitHub issues and pull requests, start with a GitHub integration. The best plugin is the one that turns a repeated manual step into a repeatable, inspectable workflow.

For a small solo project, a lean setup may be best: one repository instruction file, one frontend or testing skill, one GitHub integration if needed, and one security or code review workflow. For a team, plugin selection should be more formal. Pick a small allowlist, test it in a non-sensitive repo, write down which components are allowed, and keep the plugin list in version-controlled documentation. The team should know which plugins may read code, which may run commands, and which may call remote services.

Claude Code plugin search has become a real discovery problem because there are official repositories, community marketplaces, curated directories, blog lists, Reddit recommendations, and GitHub projects that reuse the same words differently. That is why a useful plugin page should not only list names. It should explain installation route, component type, maintainer, safety profile, and which workflow the plugin actually improves. A plugin that is excellent for a TypeScript monorepo may be irrelevant for a static website or risky for a private client repository.

Plugin shortlist by use case

Use case	What to search	Good MVP value	Risk level
GitHub workflow	`github`, pull request, issues, review	Open PR context, address comments, summarize issues, reduce copy-paste.	Medium
Code review	review, security, simplifier, clean code	Find obvious regressions and simplify noisy diffs before human review.	Medium
Frontend work	frontend, browser, Playwright, accessibility	Turn design requirements into pages and verify layout in browser.	Low to medium
Language intelligence	TypeScript, Python, Go, C#, LSP	Help Claude navigate symbols instead of brute-force reading files.	Low to medium
Security or compliance	security, OWASP, secrets, audit	Catch risky patterns, missing tests, broad permissions, and credential exposure.	High
Team process	planning, tasks, docs, release notes	Standardize plans, changelogs, handoffs, and release summaries.	Low

Install decision flow

Name the recurring task. Do not install a plugin because it is trending. Install it because it removes a repeated step: PR triage, test repair, frontend QA, issue summarization, repo navigation, or security review.
Read the marketplace and repository. Check who maintains it, what components it contains, whether it uses MCP or hooks, and whether the repository has recent issues or breaking changes.
Test in a disposable repository. Run the plugin on non-sensitive code first. Watch what files it reads, what commands it suggests, and whether it creates unexpected state.
Limit scope in real projects. Enable only the plugins needed for the job. Keep sensitive repositories on a smaller allowlist.
Record the reason for the install. A simple `tools.md` or `AGENTS.md` note prevents future confusion when another developer sees plugin-created behavior.

The decision is not "plugins good" or "plugins bad." The useful distinction is whether the plugin has a clear job, a trustworthy maintainer, understandable components, and a safer workflow than doing the same task manually with copy-pasted prompts.

Primary sources

Related pages on AI Code Limits

FAQ

Is the official Claude plugin marketplace automatically available?

Current Claude Code documentation says the official Anthropic marketplace is available through Claude Code's plugin discovery flow. If your local environment does not show it, update Claude Code and refresh the marketplace cache before assuming the plugin is missing.

Can I use Claude Code plugins with Codex, Cursor, or OpenCode?

Not directly in most cases. Some ideas and skills can be ported, but plugin manifests, hooks, MCP configuration, and runtime behavior are product-specific. Treat cross-agent ports as separate packages that need their own review.

Should a work team allow community plugins?

Only with a review process. A reasonable policy is to allow official or internally maintained plugins by default, evaluate community plugins in a sandbox, and block plugins that download moving code, require broad credentials, or run unclear hooks.